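====== Scanning With Propecia ======

Combines network discovery using propecia and scanning with nmap.

This script was taken from [[http://wiki.remote-exploit.org/backtrack/wiki/Scripts|the BackTrack Wiki]]. For updates please check the original site.

#!/bin/bash
#
# Discover: find responding hosts in one /24 with propecia, then run nmap
# against the hosts that answered.
#
# Input:   one line on stdin - the first three octets of the range (192.168.1).
# Output:  list.txt - unique responding addresses, sorted numerically
#          scan.txt - filtered nmap report, also printed to stdout
# Needs:   propecia and nmap on PATH.

# Treat a reference to an unset variable as an error.
set -u

# list.txt and scan.txt describe hosts and services on the scanned network;
# create them readable by the owner only.
umask 077

clear
echo
echo Discover
echo
echo
echo By Lee Baird
echo July 26, 2008
echo "v 0.24"
echo
echo "This script combines network discovery using propecia and scanning with nmap."
echo
echo Usage: 192.168.1
echo Enter the Class C range.
echo

# -r keeps backslashes in the typed value literal.
read -r class

# The value is passed to propecia as an argument. Accept only three dotted
# decimal octets so that whitespace, glob characters or a leading '-' can never
# reach the command line, and so a typo cannot widen the range being scanned.
if [[ ! $class =~ ^([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})$ ]]; then
  echo "Invalid range: expected three octets such as 192.168.1" >&2
  exit 1
fi
for octet in "${BASH_REMATCH[@]:1}"; do
  # 10# forces base 10 so an octet such as 08 is not parsed as octal.
  if (( 10#$octet > 255 )); then
    echo "Invalid range: octet $octet is greater than 255" >&2
    exit 1
  fi
done

# Make sure propecia is located in the path.
# cp /pentest/scanners/propecia/propecia /usr/bin
for tool in propecia nmap; do
  if ! command -v "$tool" >/dev/null 2>&1; then
    echo "$tool not found in PATH" >&2
    exit 1
  fi
done

# Intermediate files live in a private directory instead of predictable names
# in the current directory; the trap removes them on every exit path.
workdir=$(mktemp -d) || { echo "mktemp failed" >&2; exit 1; }
trap 'rm -rf -- "$workdir"' EXIT
hits="$workdir/a.txt"
raw="$workdir/temp.txt"

echo
echo "####################"
echo
echo "Looking for targets."
echo

ports=(
  # TCP ports
  21    # FTP
  22    # SSH
  23    # Telnet
  25    # SMTP
  80    # HTTP
  135   # RPC
  139   # NetBIOS-Session Service
  443   # SSL
  445   # SMB
  3389  # RDP

  # Labelled "UDP ports" in the original script.
  # NOTE(review): propecia looks like a TCP connect scanner, so these are
  # presumably probed over TCP and UDP-only services will not answer - confirm.
  53    # DNS
  67    # DHCP
  123   # NTP
  137   # NetBIOS-Name Service
  161   # SNMP
  1434  # SQL

  # Misc vendor ports here
  1521  # Oracle
  3306  # MySQL
  5900  # VNC
  8080  # alt HTTP
  9100  # HP printers
)

: > "$hits"
for port in "${ports[@]}"; do
  propecia "$class" "$port" >> "$hits"
done

# Check for zero targets (-s is true only for a non-empty file).
if [[ ! -s $hits ]]; then
  echo "No targets found."
  echo
  exit 0
fi

# Sort IP address list. Overwrite rather than append: with '>>' a list.txt left
# by an earlier run would put addresses from a previous range back into this scan.
sort -u -t. -k1,1n -k2,2n -k3,3n -k4,4n "$hits" > list.txt

# Total number of targets
wc -l < list.txt

echo
echo "####################"
echo
echo "Scanning targets."

# Start nmap scan.
# -PN is the older spelling of -Pn (skip host discovery); it is kept so the
# script still runs on the nmap releases it was written for.
if ! nmap -iL list.txt -PN -n -F -T4 --open -A > "$raw"; then
  echo "nmap exited with an error; scan.txt was not written." >&2
  exit 1
fi

# Clean up nmap results: drop every line containing one of these strings.
grep -Ev 'Not|SF|All|unrecognized|Please|Nmap done' "$raw" > scan.txt

echo
echo "####################"
echo

cat scan.txt

Submitted by [[leebaird@gmail.com|Lee Baird]]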